[Buildbot-devel] svn password plaintext in log
Dustin J. Mitchell
dustin at v.igoro.us
Fri Oct 19 23:42:46 UTC 2012
On Fri, Oct 19, 2012 at 4:55 AM, tom fogal <tfogal at sci.utah.edu> wrote:
> Hi all,
>
> I'm using the steps.source.svn.SVN step and seeing my password come out
> in the 'stdio' logs:
>
> argv: ['svn', 'info', '--non-interactive', '--no-auth-cache',
> '--username', 'tfogal', '--password', 'MyPasswordAppearsHere']
>
> Verbatim. I looked through the code a bit but I couldn't see where
> "argv:" gets printed out. Any pointers?
>
> Here's my svn step, for reference:
>
> SVN(mode="full", repourl=Interpolate(svn + "%(src::branch)s"),
> username=svnuser, password=svnpass)
Hmm, the slave-side SVN step (which you're using) uses Obfuscated to hide that:
slave/buildslave/commands/svn.py:
self.svn_args.extend(["--password",
Obfuscated(args['password'], "XXXX")])
so I'm surprised you're seeing this. The master-side command doesn't
support obfuscation.
Dustin
More information about the devel
mailing list